====================================================== [ INFO: possible circular locking dependency detected ] 4.9.141+ #1 Not tainted ------------------------------------------------------- syz-executor.4/9831 is trying to acquire lock: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x12d0 fs/seq_file.c:178 but task is already holding lock: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock_nested fs/pipe.c:66 [inline] (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 fs/pipe.c:74 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 __mutex_lock_common kernel/locking/mutex.c:521 [inline] mutex_lock_nested+0xc0/0x900 kernel/locking/mutex.c:621 __pipe_lock fs/pipe.c:87 [inline] fifo_open+0x15c/0x9e0 fs/pipe.c:921 do_dentry_open+0x3ef/0xc90 fs/open.c:766 vfs_open+0x11c/0x210 fs/open.c:879 do_last fs/namei.c:3410 [inline] path_openat+0x542/0x2790 fs/namei.c:3534 do_filp_open+0x197/0x270 fs/namei.c:3568 do_open_execat+0x10f/0x640 fs/exec.c:844 do_execveat_common.isra.14+0x687/0x1ed0 fs/exec.c:1723 do_execve fs/exec.c:1829 [inline] SYSC_execve fs/exec.c:1910 [inline] SyS_execve+0x42/0x50 fs/exec.c:1905 do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 entry_SYSCALL_64_after_swapgs+0x5d/0xdb lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 __mutex_lock_common kernel/locking/mutex.c:521 [inline] mutex_lock_killable_nested+0xcc/0x9f0 kernel/locking/mutex.c:641 lock_trace+0x44/0xc0 fs/proc/base.c:431 proc_pid_personality+0x1c/0xc0 fs/proc/base.c:2878 proc_single_show+0xfd/0x170 fs/proc/base.c:785 seq_read+0x4b6/0x12d0 fs/seq_file.c:240 __vfs_read+0x115/0x560 fs/read_write.c:449 vfs_read+0x124/0x390 fs/read_write.c:472 SYSC_pread64 fs/read_write.c:626 [inline] SyS_pread64+0x145/0x170 fs/read_write.c:613 do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 entry_SYSCALL_64_after_swapgs+0x5d/0xdb check_prev_add kernel/locking/lockdep.c:1828 [inline] check_prevs_add kernel/locking/lockdep.c:1938 [inline] validate_chain kernel/locking/lockdep.c:2265 [inline] __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345 lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 __mutex_lock_common kernel/locking/mutex.c:521 [inline] mutex_lock_nested+0xc0/0x900 kernel/locking/mutex.c:621 seq_read+0xdd/0x12d0 fs/seq_file.c:178 proc_reg_read+0xfd/0x180 fs/proc/inode.c:203 do_loop_readv_writev.part.1+0xd5/0x280 fs/read_write.c:718 do_loop_readv_writev fs/read_write.c:707 [inline] do_readv_writev+0x56e/0x7b0 fs/read_write.c:873 vfs_readv+0x84/0xc0 fs/read_write.c:897 kernel_readv fs/splice.c:363 [inline] default_file_splice_read+0x451/0x7f0 fs/splice.c:435 do_splice_to+0x10c/0x170 fs/splice.c:899 do_splice fs/splice.c:1192 [inline] SYSC_splice fs/splice.c:1416 [inline] SyS_splice+0x10d2/0x14d0 fs/splice.c:1399 do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 entry_SYSCALL_64_after_swapgs+0x5d/0xdb other info that might help us debug this: Chain exists of: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&pipe->mutex/1); lock(&sig->cred_guard_mutex); lock(&pipe->mutex/1); lock(&p->lock); *** DEADLOCK *** 1 lock held by syz-executor.4/9831: #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock_nested fs/pipe.c:66 [inline] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock+0x5e/0x70 fs/pipe.c:74 stack backtrace: CPU: 1 PID: 9831 Comm: syz-executor.4 Not tainted 4.9.141+ #1 ffff8800b2d1f278 ffffffff81b42e79 ffffffff83ca2fd0 ffffffff83ca9f30 ffffffff83ca4920 ffff8800aa53b850 ffff8800aa53af80 ffff8800b2d1f2c0 ffffffff813fee40 0000000000000001 00000000aa53b830 0000000000000001 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] print_circular_bug.cold.36+0x2f7/0x432 kernel/locking/lockdep.c:1202 [] check_prev_add kernel/locking/lockdep.c:1828 [inline] [] check_prevs_add kernel/locking/lockdep.c:1938 [inline] [] validate_chain kernel/locking/lockdep.c:2265 [inline] [] __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345 [] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [] mutex_lock_nested+0xc0/0x900 kernel/locking/mutex.c:621 [] seq_read+0xdd/0x12d0 fs/seq_file.c:178 [] proc_reg_read+0xfd/0x180 fs/proc/inode.c:203 [] do_loop_readv_writev.part.1+0xd5/0x280 fs/read_write.c:718 [] do_loop_readv_writev fs/read_write.c:707 [inline] [] do_readv_writev+0x56e/0x7b0 fs/read_write.c:873 [] vfs_readv+0x84/0xc0 fs/read_write.c:897 [] kernel_readv fs/splice.c:363 [inline] [] default_file_splice_read+0x451/0x7f0 fs/splice.c:435 [] do_splice_to+0x10c/0x170 fs/splice.c:899 [] do_splice fs/splice.c:1192 [inline] [] SYSC_splice fs/splice.c:1416 [inline] [] SyS_splice+0x10d2/0x14d0 fs/splice.c:1399 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb selinux_nlmsg_perm: 1462 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9832 comm=syz-executor.4 audit_printk_skb: 2070 callbacks suppressed audit: type=1400 audit(1575339200.923:20497): avc: denied { sys_admin } for pid=9876 comm="syz-executor.0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339200.983:20498): avc: denied { net_admin } for pid=9876 comm="syz-executor.0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339201.093:20499): avc: denied { dac_override } for pid=9876 comm="syz-executor.0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339201.093:20500): avc: denied { dac_override } for pid=9863 comm="syz-executor.1" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339201.093:20501): avc: denied { net_admin } for pid=9851 comm="syz-executor.2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339201.093:20502): avc: denied { net_admin } for pid=9856 comm="syz-executor.3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339201.093:20503): avc: denied { net_admin } for pid=9856 comm="syz-executor.3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 qtaguid: iface_stat: create(lo): no inet dev IPv6: ADDRCONF(NETDEV_UP): lo: link is not ready audit: type=1400 audit(1575339201.123:20504): avc: denied { net_admin } for pid=9863 comm="syz-executor.1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339201.133:20505): avc: denied { dac_override } for pid=9876 comm="syz-executor.0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! audit: type=1400 audit(1575339201.213:20506): avc: denied { net_admin } for pid=9851 comm="syz-executor.2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! qtaguid: iface_stat: create(lo): no inet dev qtaguid: iface_stat: create6(lo): no inet dev IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev device ip_vti0 left promiscuous mode device ip6_vti0 left promiscuous mode device sit0 left promiscuous mode device ip6tnl0 left promiscuous mode device sit1 left promiscuous mode device tap0 left promiscuous mode device tap1 left promiscuous mode device ip6tnl1 left promiscuous mode device sit2 left promiscuous mode device sit3 left promiscuous mode device sit4 left promiscuous mode device sit5 left promiscuous mode device vti0 left promiscuous mode device vti1 left promiscuous mode device vti2 left promiscuous mode device vti3 left promiscuous mode device vti4 left promiscuous mode device vti5 left promiscuous mode device sit6 left promiscuous mode device l0 left promiscuous mode device sit7 left promiscuous mode device sit8 left promiscuous mode device vti6 left promiscuous mode device sit9 left promiscuous mode ip6_tunnel: l0 xmit: Local address not yet configured! device vti7 left promiscuous mode device vti8 left promiscuous mode device sit10 left promiscuous mode device vti9 left promiscuous mode device left promiscuous mode device @ left promiscuous mode device sit11 left promiscuous mode device vti10 left promiscuous mode device ip6tnl2 left promiscuous mode device ip6tnl3 left promiscuous mode device sit12 left promiscuous mode device sit13 left promiscuous mode device sit14 left promiscuous mode ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: l0 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: l0 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: l0 xmit: Local address not yet configured! ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: l0 xmit: Local address not yet configured! ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: l0 xmit: Local address not yet configured! ip6_tunnel: l0 xmit: Local address not yet configured! audit_printk_skb: 3303 callbacks suppressed audit: type=1400 audit(1575339205.933:21609): avc: denied { sys_admin } for pid=14651 comm="syz-executor.0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339205.933:21608): avc: denied { net_admin } for pid=2081 comm="syz-executor.4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339205.933:21610): avc: denied { net_admin } for pid=2081 comm="syz-executor.4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339205.953:21611): avc: denied { net_admin } for pid=2081 comm="syz-executor.4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339205.953:21612): avc: denied { net_admin } for pid=2081 comm="syz-executor.4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339205.953:21613): avc: denied { net_admin } for pid=2081 comm="syz-executor.4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339205.953:21614): avc: denied { net_admin } for pid=2081 comm="syz-executor.4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339205.953:21615): avc: denied { net_admin } for pid=2081 comm="syz-executor.4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339205.953:21616): avc: denied { net_admin } for pid=2081 comm="syz-executor.4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1575339205.953:21617): avc: denied { net_admin } for pid=2081 comm="syz-executor.4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: l0 xmit: Local address not yet configured! ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: l0 xmit: Local address not yet configured! IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: l0 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: l0 xmit: Local address not yet configured! ip6_tunnel: l0 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: l0 xmit: Local address not yet configured! ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: l0 xmit: Local address not yet configured! IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev ip6_tunnel: l0 xmit: Local address not yet configured! ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!